09 Nov 2023
CVE-2023-43580 Vulnerability
A buffer overflow was reported in the SmuV11DxeVMR module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. (CVSS:6.7) (Last Update:2023-11-08 23:15:10)
Vulnerability category: Overflow, Execute code
Exploit prediction scoring system (EPSS) score for CVE-2023-43580
We don't have an EPSS score for this CVE yet.
CVSS scores for CVE-2023-43580
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
---|---|---|---|---|---|
6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 | [protected email address] |
CWE ids for CVE-2023-43580
- The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow. Assigned by: [protected email address] (Secondary)
References for CVE-2023-43580
- https://support.lenovo.com/us/en/product_security/LEN-141775 Multi-vendor BIOS Security Vulnerabilities (October 2023) - Lenovo Support US